Trying to Connect with a Hacker Online
So, every hacker [s/is slowly forgetting due to global gaslighting and abuse/knows firmly/] that plaintext, unsigned communications are pointless because all the political influences between you and the person you're communicating with will alter your communications. In order to connect we have to find each other on networks that are more reliable than e-mail. A clue to finding these networks, people, and other exotic information, is weird strings of numbers and letters that seem like random gobbledygook, almost as if we were copy and pasting computer glitches to each other. No, these confusing strings of characters are the words of computer hackers: especially if the alphabetic characters never exceed 'f' in the alphabet, which does not stand for 'fuck this is confusing', but rather for 'we made computers highly efficient by braking them into powers of two'. It's called hexadecimal.
On 10/12/20, Stefan Claas <sac@300baud.de> wrote: [snip...]
Regards Stefan
-- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
Here, we have a hexadecimal string associated with the phrase 'NaClbox'. 'NaCl' is a stupid-people-who-use-computers word for encryption and verification. 'box' is the same for computer. Let's search for it and see i we can find this random string of hexadecimal! This time, I'm going to [s/heal my injured spine/wise up to the manipulative marketing AIs/] just a smidge, and use a search engine other than google. Even better would be _asking a human being_, but we're not quite that smart yet. I'll try duckduckgo. I typed 'naclbox' into duckduckgo and the first hit is ... https://www.naclbox.com/ ! This has to be it, right? It has the right domain name! A computer game thing! This hacker must have been asking us to play computer games with them, how friendly! Let's do some wizardry called a 'dns lookup' on that url. There's a way, given _any url_, to get information on who purchased it and stuff like that. If [s/you're actually part of a major corporate conspiracy and are frequently hired to kill people who look into the origins of coverups/you have schizophrenia from too many dns lookups/] you may have trouble doing this important research, but it's not very hard to do. Searching the internet for "lookup dns purchase command line", I see a way to copy the term that [s/gives me severe traumatic flashbacks/i haven't learned to use yet/]: "whois". My system doesn't have "whois" installed because I'm a normal person, not a mumbo-jumbo computer wizard, but I can install it like any other package, and run it on www.naclbox.com: ``` $ whois naclbox.com Domain Name: NACLBOX.COM Registry Domain ID: 1653881042_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2020-03-27T19:42:08Z Creation Date: 2011-05-01T15:51:02Z Registry Expiry Date: 2021-05-01T15:51:02Z Registrar: Gandi SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS-1219.AWSDNS-24.ORG Name Server: NS-1965.AWSDNS-53.CO.UK Name Server: NS-259.AWSDNS-32.COM Name Server: NS-544.AWSDNS-04.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
Last update of whois database: 2020-10-12T13:36:17Z <<<
This record claims that the domain was purchased on 2011 and expires
2021. It's been a really long time since I've done this, but I was
expecting to see some information on e.g. a technical contact or
something: a real human being associated with the website. Maybe I
have too look somewhere else. I tried this:
$ whois -h whois.gandhi.net naclbox.com ``` which just sits there and hangs. Anyway, it sounds like the _cryptographic_ nacl project would be able to purchase this domain in 2021 if they wanted. Farther down the duckduckgo results is a more promising link, that leads to https://pkg.go.dev/golang.org/x/crypto/nacl/box . Unfortunately, this project now calls itself "package box", not "nacl box", which is discouraging. Still, we can look it over. Woohoo! "package box" says it is a generic frontend for NaCl encryption, which implies that it's possible that the signature we found is a public key for sending somebody private messages in a reliable manner, and that any tool that does this NaCl encryption can communicate with him. "package box" links to a central nacl website: https://nacl.cr.yp.to/box.html . A great way to check if we interpreted these letters-and-numbers-mumbo-jumbo correctly is to try to use them. We'll try to send this guy ... what's their name?
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
We'll try to send cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 a message ! This might mean learning to use nacl. The page I found is a c++ interface, so I'll just use that since [s/my fingers and eyes spazz out uncontrollably when i use the web now/it's a good exercise for me to write a small C++ program/]. ``` $ sudo yum install nacl-devel # nacl is a software development library for secure communication that's been available on linux systems for some time now ... ``` If you've been through [s/an abusive enslavement experience where you suffered severe injuries and learned to dissociate from your memories as way of life/a corporate or government training program/] you may have difficulty forming encrypted communications with a hacker online, but rest assured everything is fine: since the worldwide digital coronavirus has thoroughly filled your device with malware, all the corporate goonies can make sure everything is okay, and since this guy is an experienced enough hacker to communicate with letters and numbers, they'll be able to tell that you aren't one of them. That doesn't mean they'll be able to keep themselves safe from your oppressive surveillance and control situations! It's your job to [s/manage those by communicating with your contacts/mourn your wake of dead hackers after the fact/]. So please make a record of what you do so that others can learn from it after somebody new [s/dies horrifically or gets forcibly enslaved by a criminal corporate dictator/gets bored and ignores the rest of us/]! First we need to generate a naclbox of our own, to send the communication from. It's just a set of small personal letters and numbers. The website has this in it: ``` #include "crypto_box.h" std::string pk; std::string sk; pk = crypto_box_keypair(&sk); ```
The crypto_box_keypair function randomly generates a secret key and a corresponding public key. It puts the secret key into sk and returns the public key. It guarantees that sk has crypto_box_SECRETKEYBYTES bytes and that pk has crypto_box_PUBLICKEYBYTES bytes.
The secret key is like your brainstem and your heart. You don't let anybody else even get a whiff of them, _certainly_ never touch them or see them, or you could get hurt. Since [s/I'm a corporate slave/this is just an example/], I'll be storing my brainstem on the malware that's infesting the system I am typing this on. On my system, I'll have to mutate the example from the website just a tiny bit, to get it to compile. ``` // nacl-generate.cpp #include <nacl/crypto_box.h> #include <fstream> #include <iostream> int main(int argc, char **argv) { if (argc != 2) { std::cerr << "Error: provide new delicate brainstem file as first argument." << std::endl; return -1; } std::string pk; std::string sk; pk = crypto_box_keypair(&sk); std::string brainstem = argv[1]; std::ofstream delicate_precious_guts_we_are_going_to_figure_out_how_to_protect(brainstem.c_str()); delicate_precious_guts_we_are_going_to_figure_out_how_to_protect << sk; // this is a c++ way to convert from computer innards to hexadecimal letters and numbers std::cout << brainstem << "'s name is: " << std::hex; for (char const * byte = pk.data(); byte != pk.data() + pk.size(); ++ byte) { std::cout << ((*byte) & 0xff); } std::cout << std::endl; std::cout << "Don't lose track of it or nobody will be able to find 'em!" << std::endl; } ``` I actually had to work with it quite a bit while handling my issues. ``` $ g++ nacl-generate.cpp -o nacl-generate -l nacl $ ./nacl-generate delicate delicate's name is: 1934067c6303d231b897152a989bd905fe82b5130de209a1ddb61e118e7a477 Don't lose track of it or nobody will be able to find 'em! $ mv delicate 1934067c6303d231b897152a989bd905fe82b5130de209a1ddb61e118e7a477 `` This file of letters and numbers is now _our_ identity. We can make similar programs to send and receive messages with them. There are likely tools out there already to do this automatically, and if not it would be a problem to be solved. Here's some code to receive messages with the file we made: ``` // nacl-receive.cpp #include <nacl/crypto_box.h> #include <fstream> #include <iostream> #include <sstream> std::string binary2hex(std::string binary) { std::stringstream ss; ss << std::hex; for (char const * byte = binary.data(); byte != binary.data() + binary.size(); ++ byte) { ss << ((*byte) & 0xff); } return ss.str(); } int main(int argc, char **argv) { if (argc != 2) { std::cerr << "Error: provide delicate private file as first argument." << std::endl; return -1; } std::string pk, pkhex; std::string sk; std::string n, nhex; std::string c, chex; std::string m; std::ifstream skfile(argv[1]); skfile >> sk; std::cerr << argv[0] << " receiving." << std::endl; // Although hackers like to share things in confusing ways, for example by // cramming the public key, the nonce, and the ciphertext all together, // we're separating them out here to ease my learning this new system. // When sending the greeting to the hacker, we may want to jam all the data // together, offering it as either a reasonably-confusing puzzle or a guess // as to having already put the time in to learn the system, so that we // speak their language more. Hackers tend to assume that everybody has as // much free time as they do, and might misinterpret things if somebody // didn't act as if they also did. This assumption would be easy to change by // playing their hacking games with them or preferably simply talking // clearly and directly and publically, rather than [s/fucking up their open // source people and projects/waiting for them to notice/]. But obviously // we can't do that, since we're [s/a bunch of people who want to help, // not the people in charge/too busy to get personally involved/]. std::cerr << "Enter public key of sender: " << std::flush; std::cin >> pkhex; pk = binary2hex(pkhex); std::cerr << "Enter nonce: " << std::flush; std::cin >> nhex; n = binary2hex(nhex); std::cerr << "Enter cyphertext: " << std::flush; std::cin >> chex; c = binary2hex(chex); m = crypto_box_open(c,n,pk,sk); /*The crypto_box_open function verifies and decrypts a ciphertext c using the receiver's secret key sk, the sender's public key pk, and a nonce n. The crypto_box_open function returns the resulting plaintext m.*/ std::cout << m << std::endl; } ``` In the next possible episode, we would either make a sourcefile to send a message to the hacker by again copying from that same website, or find a pre-existing tool that already does so, and then try sending a message to see if we even interpreted their signature at all correctly. We might also make an embarrassed reply, asking what their signature means, or search the archives of the list to find a clear explanation of it sitting there.
Karl wrote: [...]
In the next possible episode, we would either make a sourcefile to send a message to the hacker by again copying from that same website, or find a pre-existing tool that already does so, and then try sending a message to see if we even interpreted their signature at all correctly. We might also make an embarrassed reply, asking what their signature means, or search the archives of the list to find a clear explanation of it sitting there.
Hi, modern programming languages like Golang have the NaCl crypto library already included. An easy to use NaClbox application to use is for example: https://github.com/rovaughn/box Regards Stefan -- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
On 10/12/20, Stefan Claas <sac@300baud.de> wrote:
In the next possible episode, we would either make a sourcefile to send a message to the hacker by again copying from that same website, or find a pre-existing tool that already does so, and then try sending a message to see if we even interpreted their signature at all correctly. We might also make an embarrassed reply, asking what their signature means, or search the archives of the list to find a clear explanation of it sitting there.
Hi,
modern programming languages like Golang have the NaCl crypto library already included.
An easy to use NaClbox application to use is for example:
https://github.com/rovaughn/box
Regards Stefan
-- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
``` $ go get github.com/rovaughn/box $ ~/go/bin/box box help box new-identity [-name NAME] box add-peer -name NAME -key PUBLICKEY box list [NAME ...] box seal [-from IDENTITY] -to PEER <MESSAGE >SEALED box open -from PEER [-to IDENTITY] <SEALED >MESSAGE Error: Command required $ ~/go/bin/box new-identity $ ~/go/bin/box list NAME KIND PUBLIC KEY self identity c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664 $ ~/go/bin/box add-peer -name stefan -key cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 $ ~/go/bin/box seal -to stefan > message.sealed Stefan: did you get this? [Ctrl-D to terminate entry] # I also changed something minor in the encrypted message, to support private communication. $ xxd -ps message.sealed 0200000076304200000031c2f6d6329d2d26347613cb5e9c8f3e1848b707 9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d 078aba0045b435e25859e8b8814d7658 Stefan, 0200000076304200000031c2f6d6329d2d26347613cb5e9c8f3e1848b707 9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d 078aba0045b435e25859e8b8814d7658 ? - karl's-rhel7ae25thinkpad-that-mysteriously-freezes-up-when-he-leaves-it-online, naclbox c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664
Karl wrote:
Error: Command required $ ~/go/bin/box new-identity $ ~/go/bin/box list NAME KIND PUBLIC KEY self identity c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664 $ ~/go/bin/box add-peer -name stefan -key cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 $ ~/go/bin/box seal -to stefan > message.sealed Stefan: did you get this? [Ctrl-D to terminate entry] # I also changed something minor in the encrypted message, to support private communication. $ xxd -ps message.sealed 0200000076304200000031c2f6d6329d2d26347613cb5e9c8f3e1848b707 9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d 078aba0045b435e25859e8b8814d7658
Stefan, 0200000076304200000031c2f6d6329d2d26347613cb5e9c8f3e1848b707 9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d 078aba0045b435e25859e8b8814d7658 ?
- karl's-rhel7ae25thinkpad-that-mysteriously-freezes-up-when-he-leaves-it-online, naclbox c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664
In order to send me a message you would have to include your name too. $ box seal -from Karl -to Stefan <MESSAGE >SEALED, which then writes a binary authenticated encrypted blob and which I could only open then if I would be in possession of your pub key. It is also advised when you send me such message that you consider to base64 etc. encode it, prior sending/posting. BTW. my key is currently on my offline computer which I am not using now, because I am a bit busy with other things on my online computer. Regards Stefan -- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
Stefan Claas wrote:
Karl wrote:
Error: Command required $ ~/go/bin/box new-identity $ ~/go/bin/box list NAME KIND PUBLIC KEY self identity c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664 $ ~/go/bin/box add-peer -name stefan -key cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 $ ~/go/bin/box seal -to stefan > message.sealed Stefan: did you get this? [Ctrl-D to terminate entry] # I also changed something minor in the encrypted message, to support private communication. $ xxd -ps message.sealed 0200000076304200000031c2f6d6329d2d26347613cb5e9c8f3e1848b707 9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d 078aba0045b435e25859e8b8814d7658
Stefan, 0200000076304200000031c2f6d6329d2d26347613cb5e9c8f3e1848b707 9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d 078aba0045b435e25859e8b8814d7658 ?
- karl's-rhel7ae25thinkpad-that-mysteriously-freezes-up-when-he-leaves-it-online, naclbox c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664
In order to send me a message you would have to include your name too.
$ box seal -from Karl -to Stefan <MESSAGE >SEALED, which then writes a binary authenticated encrypted blob and which I could only open then if I would be in possession of your pub key. It is also advised when you send me such message that you consider to base64 etc. encode it, prior sending/posting.
BTW. my key is currently on my offline computer which I am not using now, because I am a bit busy with other things on my online computer.
Ouch, just overlooked that you created a key, sorry! $ box add-peer -name Karl -key c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664 A *test* key of mine you can use: 688fc978029e4bd309eaebea1e139ee6c461e08e19b714264dd91fbb62f5ca7c a test message for you, additionally base64 encoded: AgAAAHYwSAAAAO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w== Regards Stefan -- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
I've slightly changed a part of the message that didn't hold too much meaning. ``` $ export PATH=$HOME/go/bin:"$PATH" $ box add-peer -name stefan-test -key 688fc978029e4bd309eaebea1e139ee6c461e08e19b714264dd91fbb62f5ca7c $ base64 -d | box open -from stefan-test AgAAAHYwSAAAAO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w== Hello, Karl :-) Regards Stefan ``` ``` $ box seal -to stefan-test | base64 Note: reading payload from stdin Stefan, I got: AgAAAHYwSAAAAO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w== from you. Is this the same encrypted message as the one you sent? I'm expecting that it is. <here i hit ctrl-D to terminate input> ``` ``` AgAAAHYwNwAAACYoBMBoexWybVHaD6gSUYQvDho9F4ptZ5/fwtJrejNmwpXToWN2YtBqg3v6886R QsxcjqLBKxZ1AAAAZhsWlHZ+bZ2/DL7v+1IdT9m1xMl18QCigsZEbLovKiYMpddxBnqGgF4MeTX6 ptxfE8duAZQ3+wc+ij+Z1TmZScTHd9bxcGlkn0aj2nfuaFDFRP/fm3I50iL6QwXpNyMKD8Oj2+5k RIfQpn2OxScgn6wauUL1TQAAADacCd0xdLntxPiQU+LdyX+QexJkw8ZTZHPy3HkfuxKkQfwYLqX1 zMD8uOuP1mJ911dhbnnOEiYADkkeAJnDpp9TQD1PFV6wRhr5eRtJhgAAALgpH0r16Fkri92M4JPN XfJNkW0PMnBpuUY2DTvP+gHKYLQAU7m5BQ9JkG5rU70/YQeWGHYn8BU40TVwj8o+FbPhuIer5qIq hYj3v2cZVv6hCYdyj2bDuy1qBtqU+bBResYI9zFRTgWtpeiWJukKu921Bg9zZ9rqKkzcAI5h/wDe 6pVx6NCF ``` If I had sent a nacl-encrypted message to Stefan out of the blue, he might have gotten excited to have received an encrypted message, and accessed his offline machine to read it and reply. On 10/12/20, Stefan Claas <sac@300baud.de> wrote:
Stefan Claas wrote:
Karl wrote:
Error: Command required $ ~/go/bin/box new-identity $ ~/go/bin/box list NAME KIND PUBLIC KEY self identity c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664 $ ~/go/bin/box add-peer -name stefan -key cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 $ ~/go/bin/box seal -to stefan > message.sealed Stefan: did you get this? [Ctrl-D to terminate entry] # I also changed something minor in the encrypted message, to support private communication. $ xxd -ps message.sealed 0200000076304200000031c2f6d6329d2d26347613cb5e9c8f3e1848b707 9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d 078aba0045b435e25859e8b8814d7658
Stefan, 0200000076304200000031c2f6d6329d2d26347613cb5e9c8f3e1848b707 9fcf674e0b744be30741f434f09490db0979b027825fc649d1cde868293d 078aba0045b435e25859e8b8814d7658 ?
- karl's-rhel7ae25thinkpad-that-mysteriously-freezes-up-when-he-leaves-it-online, naclbox c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664
In order to send me a message you would have to include your name too.
$ box seal -from Karl -to Stefan <MESSAGE >SEALED, which then writes a binary authenticated encrypted blob and which I could only open then if I would be in possession of your pub key. It is also advised when you send me such message that you consider to base64 etc. encode it, prior sending/posting.
BTW. my key is currently on my offline computer which I am not using now, because I am a bit busy with other things on my online computer.
Ouch, just overlooked that you created a key, sorry!
$ box add-peer -name Karl -key c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664
A *test* key of mine you can use: 688fc978029e4bd309eaebea1e139ee6c461e08e19b714264dd91fbb62f5ca7c
a test message for you, additionally base64 encoded:
AgAAAHYwSAAAAO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w==
Regards Stefan
-- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
Karl wrote: Hi Karl,
AgAAAHYwNwAAACYoBMBoexWybVHaD6gSUYQvDho9F4ptZ5/fwtJrejNmwpXToWN2YtBqg3v6886R QsxcjqLBKxZ1AAAAZhsWlHZ+bZ2/DL7v+1IdT9m1xMl18QCigsZEbLovKiYMpddxBnqGgF4MeTX6 ptxfE8duAZQ3+wc+ij+Z1TmZScTHd9bxcGlkn0aj2nfuaFDFRP/fm3I50iL6QwXpNyMKD8Oj2+5k RIfQpn2OxScgn6wauUL1TQAAADacCd0xdLntxPiQU+LdyX+QexJkw8ZTZHPy3HkfuxKkQfwYLqX1 zMD8uOuP1mJ911dhbnnOEiYADkkeAJnDpp9TQD1PFV6wRhr5eRtJhgAAALgpH0r16Fkri92M4JPN XfJNkW0PMnBpuUY2DTvP+gHKYLQAU7m5BQ9JkG5rU70/YQeWGHYn8BU40TVwj8o+FbPhuIer5qIq hYj3v2cZVv6hCYdyj2bDuy1qBtqU+bBResYI9zFRTgWtpeiWJukKu921Bg9zZ9rqKkzcAI5h/wDe 6pVx6NCF
your decrypted and decoded message: | Stefan, I got: | AgAAAHYwSAAAAO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG | NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w== | from you. Is this the same encrypted message as the one you sent? I'm expecting that it is. Yes. Regards Stefan -- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
Stefan Claas wrote:
Karl wrote:
Hi Karl,
AgAAAHYwNwAAACYoBMBoexWybVHaD6gSUYQvDho9F4ptZ5/fwtJrejNmwpXToWN2YtBqg3v6886R QsxcjqLBKxZ1AAAAZhsWlHZ+bZ2/DL7v+1IdT9m1xMl18QCigsZEbLovKiYMpddxBnqGgF4MeTX6 ptxfE8duAZQ3+wc+ij+Z1TmZScTHd9bxcGlkn0aj2nfuaFDFRP/fm3I50iL6QwXpNyMKD8Oj2+5k RIfQpn2OxScgn6wauUL1TQAAADacCd0xdLntxPiQU+LdyX+QexJkw8ZTZHPy3HkfuxKkQfwYLqX1 zMD8uOuP1mJ911dhbnnOEiYADkkeAJnDpp9TQD1PFV6wRhr5eRtJhgAAALgpH0r16Fkri92M4JPN XfJNkW0PMnBpuUY2DTvP+gHKYLQAU7m5BQ9JkG5rU70/YQeWGHYn8BU40TVwj8o+FbPhuIer5qIq hYj3v2cZVv6hCYdyj2bDuy1qBtqU+bBResYI9zFRTgWtpeiWJukKu921Bg9zZ9rqKkzcAI5h/wDe 6pVx6NCF
your decrypted and decoded message:
| Stefan, I got: | AgAAAHYwSAAAAO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG | NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w== | from you. Is this the same encrypted message as the one you sent? I'm expecting that it is.
BTW. NaClbox messages are authenticated, so no one can send you a message in my name, if they are not in possession of my private key. This avoids then also to use signatures, like with GnuPG. And the IMHO cool thing about NaClbox is that it is much easier to use and learn than GnuPG. Regards Stefan -- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
On 10/12/20, Stefan Claas <sac@300baud.de> wrote:
Stefan Claas wrote:
| Stefan, I got: | AgAAAHYwSAAAAO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG | NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w== | from you. Is this the same encrypted message as the one you sent? I'm expecting that it is.
AgAAAHYwjgEAACeQYcUutIj71LXOwf6SZU3wiTMAhlKBNAw552GqDynQ4nKtGX2l+5beCjexTFSW +MTj6dbJhjfTVpRzalwY19NSWrjeFZpy3WLi78oz3Yh/Tt7tLI630KJUO5vlAOqLM8IJmV4//ZeG 2AQgpofe61FXDm8H/SXRNFGD9K3Y/sIwtFbzGgyNJxEMIILTtkGCuWvr3Ub6nS06m4PuwP4Eeu0a ObmohUDGnXNuKEiULvyBbP2X05+s5ogXrzN5lh3pAW3q345kWDteqvqdS3o6baVTYthEb63m5dRg vIPIeto8v0ZBqJ9zZqIGPKlthQ9u0TXHR4xrdUUWKVxZfyOP906PPSmmoc10zQtWR3Bw9rZ3ym9Y HxXSu8YvnvGqH+IHzn4qYZYh+WywfcNwoygyNVKuswXDSbz1okDq0yMixIoi6at5ZHCJZDmu9KJx +LwUQWw7FYR9u2TqFsb+/w8snk9SI8gBTQW4jDoDDbGYYySDQqJA4SOhATwEMRuBySZEQbJ+qtlv zpPl4upnvipG
BTW. NaClbox messages are authenticated, so no one can send you a message in my name, if they are not in possession of my private key. This avoids then also to use signatures, like with GnuPG.
And the IMHO cool thing about NaClbox is that it is much easier to use and learn than GnuPG.
Why do you not use naclbox to communicate all the time? Couldn't it even be used for the cypherpunks mailing list, if the mailing list had a shared receiving private key, to verify that each person is saying what they intend? k's thinkpad, tor source folder, c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664
Karl wrote:
On 10/12/20, Stefan Claas <sac@300baud.de> wrote:
Stefan Claas wrote:
| Stefan, I got: | AgAAAHYwSAAAAO+xQIT5meBNroABRxnwz1nF8Apub/z5OiqCftZUpGTBbcejwe6XQF4lpAnhW9YG | NAl9/zdLkj8FOG2NQmhbx82HXJv1Ju2c1w== | from you. Is this the same encrypted message as the one you sent? I'm expecting that it is.
AgAAAHYwjgEAACeQYcUutIj71LXOwf6SZU3wiTMAhlKBNAw552GqDynQ4nKtGX2l+5beCjexTFSW +MTj6dbJhjfTVpRzalwY19NSWrjeFZpy3WLi78oz3Yh/Tt7tLI630KJUO5vlAOqLM8IJmV4//ZeG 2AQgpofe61FXDm8H/SXRNFGD9K3Y/sIwtFbzGgyNJxEMIILTtkGCuWvr3Ub6nS06m4PuwP4Eeu0a ObmohUDGnXNuKEiULvyBbP2X05+s5ogXrzN5lh3pAW3q345kWDteqvqdS3o6baVTYthEb63m5dRg vIPIeto8v0ZBqJ9zZqIGPKlthQ9u0TXHR4xrdUUWKVxZfyOP906PPSmmoc10zQtWR3Bw9rZ3ym9Y HxXSu8YvnvGqH+IHzn4qYZYh+WywfcNwoygyNVKuswXDSbz1okDq0yMixIoi6at5ZHCJZDmu9KJx +LwUQWw7FYR9u2TqFsb+/w8snk9SI8gBTQW4jDoDDbGYYySDQqJA4SOhATwEMRuBySZEQbJ+qtlv zpPl4upnvipG
AgAAAHYwBwIAALj3MZ/ShsJxjdYIfsw22RKVJePXqE4q6+lwN9/WJA+H16C1chNRDPVgNtau4BDj DAfkY7LBXvhyVlORTzJtdglh5FV5Vu+YlcqHGsLzJRxLKJlLVYS1jbU9+4yea2ftG3Yo/fJQXdCH AfLL4ip86KR0fgOj2ih9lXJjQ6tFWIEbWoX6lzEhccCgPgPRciDlv19VGCX66aP2nFIPr0qDVw2c sMMgRCMlsnQKWIWspYX62a7dq7T7hm2uCRo+Ak35vj2KMoOkD4aUutr1XDNJ8wm9XuYN9Dh94sgP /kF6gNPo+kwnul80mPFJWHe/o4Ltpe0ONh5MIG53DOLilKMe7CFn1jKzDEujapxmDhD1Pt4WP59q DlJDk3BMGEplyCQSQYCfK3Ot3NZHcmaIcPhhEzPiBBPw2959T5mYUHstumsjoDx9t+xEmCR0gDdT S2dbMhlTCEsu1g3arsc0p63nmxS/q79y7GwAn024lbYMz/OvSM10L2mjGiIkuYsnn8eKw9kJy0YL M70pysgcBbj9l5/oFjPk/L4bz0omP2DsP0sWfN9Vr5+9/uYbfJ0dG6UBnSXwXxFxq/cBhzwPJdWw Uov/5awa2KOwcRToPX2dMWfRAIIngX9L3mHIW579mxA+ItYy+bHjwhQzccUv2PKyPGGSLwzEjzm3 BjvksacLYb/51Cy2dbtqHQ==
BTW. NaClbox messages are authenticated, so no one can send you a message in my name, if they are not in possession of my private key. This avoids then also to use signatures, like with GnuPG.
And the IMHO cool thing about NaClbox is that it is much easier to use and learn than GnuPG.
Why do you not use naclbox to communicate all the time? Couldn't it even be used for the cypherpunks mailing list, if the mailing list had a shared receiving private key, to verify that each person is saying what they intend?
Well, I often receive message in PGP format, because I still have a key pair for GnuPG. Otherwise I already use NaClbox with friends in Germany, the United States and Canada. :-) Regarding the ML, I think the list-owner would not be amused and probably many subscribers would not like the idea either. For that people could use the Usenet group alt.anonymous.messages with a shared hashed subject (hsub) in order to fetch messages, from a.a.m.. Regards Stefan -- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
On 10/12/20, Stefan Claas <sac@300baud.de> wrote:
Why do you not use naclbox to communicate all the time? Couldn't it even be used for the cypherpunks mailing list, if the mailing list had a shared receiving private key, to verify that each person is saying what they intend?
Well, I often receive message in PGP format, because I still have a key pair for GnuPG. Otherwise I already use NaClbox with friends in Germany, the United States and Canada. :-)
Regarding the ML, I think the list-owner would not be amused and probably many subscribers would not like the idea either. For that people could use the Usenet group alt.anonymous.messages with a shared hashed subject (hsub) in order to fetch messages, from a.a.m..
I want to visit your link except what you said makes no sense to me. I think this subscriber crowd would leap on the idea of a nacl-based mailing list. Everybody knows that email is a crummy, weak norm. I'm going to wordwrap this whole message, pipe it to sha512sum, and encrypt the hash to your key. I'll paste it in to a terminal and end it by hitting ctrl-D on a blank line, then add a new blank line and the cyphertext at the bottom. Would you be interested in verifying the checksum? Here's the encrypted message you sent me, decrypted and rewrapped. I don't remember how many characters e-mail wraps to, this is my vim default. Would you be willing to reply encrypted, so I can have more confidence the reply has not been altered in transit? Would you be able to include my message in your reply, so I can know that you are replying to the same words that I sent? A man in the middle could have also made a naclbox identity, and if so we would want them to copy our words accurately. Sure, no problem. But as I posted this key I currently use is a *test* key on my online computer. Best regards Stefan
Regards Stefan
-- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
NaClbox: c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664 AgAAAHYwrAAAAOv06nJj1B8i1KTTKblpUZ/jXTNttl/ZD+7Qg3c0M2kOkZ8zZJvp1i/w3shXAeng ixhUQbsLMCjTsDZOdYwAUxmkZ4GV/kmEjzISZcQmxxZCizL+Xyyf/6YdXZ2jBjQ/U/yvI+xgPygq y1nLjES3RW3fg3aDsBrv574GD/ca81f/rc6hcchP0clZydHcYNCEOLh8eHHY2QT6IaMXS0CC+fma Ecvf7l3mE/QGYRk=
Karl wrote:
I'm going to wordwrap this whole message, pipe it to sha512sum, and encrypt the hash to your key. I'll paste it in to a terminal and end it by hitting ctrl-D on a blank line, then add a new blank line and the cyphertext at the bottom. Would you be interested in verifying the checksum?
Could you do me a favor, because my hash did not matched. Maybe mark in your next reply, the part with ----- or something else, so that I exactly know from where I have to copy and paste from? Regards Stefan -- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
Also attached to resolve pasting corruption. Document includes only through the ---- armor. As it says inside the document, signature is calculated with tail -n +4 | head -n -8 | sha512sum . -----BEGIN NaCl SIGNED MESSAGE----- Hash: tail -n +4 | head -n -8 | sha512sum On 10/12/20, Stefan Claas <sac@300baud.de> wrote:
Why do you not use naclbox to communicate all the time? Couldn't it even be used for the cypherpunks mailing list, if the mailing list had a shared receiving private key, to verify that each person is saying what they intend?
Well, I often receive message in PGP format, because I still have a key pair for GnuPG. Otherwise I already use NaClbox with friends in Germany, the United States and Canada. :-)
Regarding the ML, I think the list-owner would not be amused and probably many subscribers would not like the idea either. For that people could use the Usenet group alt.anonymous.messages with a shared hashed subject (hsub) in order to fetch messages, from a.a.m..
I want to visit your link except what you said makes no sense to me. I think this subscriber crowd would leap on the idea of a nacl-based mailing list. Everybody knows that email is a crummy, weak norm. I'm going to wordwrap this whole message, pipe it to sha512sum, and encrypt the hash to your key. I'll paste it in to a terminal and end it by hitting ctrl-D on a blank line, then add a new blank line and the cyphertext at the bottom. Would you be interested in verifying the checksum? Here's the encrypted message you sent me, decrypted and rewrapped. I don't remember how many characters e-mail wraps to, this is my vim default. Would you be willing to reply encrypted, so I can have more confidence the reply has not been altered in transit? Would you be able to include my message in your reply, so I can know that you are replying to the same words that I sent? A man in the middle could have also made a naclbox identity, and if so we would want them to copy our words accurately. Sure, no problem. But as I posted this key I currently use is a *test* key on my online computer. Best regards Stefan
Regards Stefan
-- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
NaClbox: c72e81da09e333bc8804205bcfcf3bd8821cad61ad862d57114339e5ee00a664 -----BEGIN NaCl SIGNATURE----- Version: tail -n +4 | head -n -8 | sha512sum AgAAAHYwrAAAAPI9q0d4Qh3vcGOuoDcFMEv4zZfU6I9dTTkmeg6vYbxmgytSZUWVEbPgDoT119MW cfr9JL+N5G3+z0L2VUBzMwxhdTjgPbiDpC1LyndCDgG+MgYDI3DduxvEzW2TmVrpV6rh27vOD/jo MsyrUMy+RJ5qksJxNig+Q/tvGsKMiKtYxauyokBQIhOvYFUdNmPtD3vCLYEgRT27Bdec+8OSSC/x q+NjTaSI9D8PhkE= -----END NaCl SIGNATURE-----
Karl wrote:
Also attached to resolve pasting corruption. Document includes only through the ---- armor. As it says inside the document, signature is calculated with tail -n +4 | head -n -8 | sha512sum .
-----BEGIN NaCl SIGNED MESSAGE----- Hash: tail -n +4 | head -n -8 | sha512sum
Most interesting with what you came up with, because my MUA saves then your message as it should be. However, unfortunately the included hash does not match. :-( BTW. are you aware that the NaCl crypto library has also a sign function? It would then require a second key, same as with GnuPG, but maybe also worth to explore, because you are a programmer. Here is a sample implementation in Golang, which unfortunately writes the signature as binary instead of (base64) ASCII. https://github.com/UNO-SOFT/signify-nacl Regards Stefan -- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
Stefan Claas wrote:
Karl wrote:
Also attached to resolve pasting corruption. Document includes only through the ---- armor. As it says inside the document, signature is calculated with tail -n +4 | head -n -8 | sha512sum .
-----BEGIN NaCl SIGNED MESSAGE----- Hash: tail -n +4 | head -n -8 | sha512sum
Most interesting with what you came up with, because my MUA saves then your message as it should be. However, unfortunately the included hash does not match. :-(
Stupid me, never mind ... Regards Stefan -- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
I embarrassingly haven't sustained much understanding of golang ... I wanted to convert my box keys to signify-nacl keys but it seems the formats are different; my own signature doesn't verify when I just copy the bytes. Do you know if there is a way to use cargo from an offline system? This would help inspire me to understand golang better. On 10/12/20, Stefan Claas <sac@300baud.de> wrote:
Karl wrote:
Also attached to resolve pasting corruption. Document includes only through the ---- armor. As it says inside the document, signature is calculated with tail -n +4 | head -n -8 | sha512sum .
-----BEGIN NaCl SIGNED MESSAGE----- Hash: tail -n +4 | head -n -8 | sha512sum
Most interesting with what you came up with, because my MUA saves then your message as it should be. However, unfortunately the included hash does not match. :-(
BTW. are you aware that the NaCl crypto library has also a sign function?
It would then require a second key, same as with GnuPG, but maybe also worth to explore, because you are a programmer.
Here is a sample implementation in Golang, which unfortunately writes the signature as binary instead of (base64) ASCII.
https://github.com/UNO-SOFT/signify-nacl
Regards Stefan
-- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
Karl wrote:
I embarrassingly haven't sustained much understanding of golang ... I wanted to convert my box keys to signify-nacl keys but it seems the formats are different; my own signature doesn't verify when I just copy the bytes.
NaCl sign secret keys are 64 bytes, while NaCl box secret keys are 32 bytes.
Do you know if there is a way to use cargo from an offline system? This would help inspire me to understand golang better.
No, unfortunately not. Regards Stefan -- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
Stefan Claas wrote:
Karl wrote:
I embarrassingly haven't sustained much understanding of golang ... I wanted to convert my box keys to signify-nacl keys but it seems the formats are different; my own signature doesn't verify when I just copy the bytes.
NaCl sign secret keys are 64 bytes, while NaCl box secret keys are 32 bytes.
Since you are a Programmer, maybe this helps: <https://crypto.stackexchange.com/questions/54353/why-are-nacl-secret-keys-64-bytes-for-signing-but-32-bytes-for-box> Regards Stefan -- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
On Mon, Oct 12, 2020, 6:46 PM Stefan Claas <sac@300baud.de> wrote:
Stefan Claas wrote:
Karl wrote:
I embarrassingly haven't sustained much understanding of golang ... I wanted to convert my box keys to signify-nacl keys but it seems the formats are different; my own signature doesn't verify when I just copy the bytes.
NaCl sign secret keys are 64 bytes, while NaCl box secret keys are 32 bytes.
Since you are a Programmer, maybe this helps:
< https://crypto.stackexchange.com/questions/54353/why-are-nacl-secret-keys-64...
Quote: An Ed25519 private key consists of a 32 byte seed (from which you can cheaply derive the 32 byte private scalar and the 32 byte hash prefix) and the 32 byte public key. This is actually what I tried, but I think I need to look at the implementations to make it work. I can likely figure the golang out if I need to, or probably there's a more direct approach to the whole shebang. Maybe I'll come up with a high latency message to send to your offline system =) -sent from my closed source toosmartphone, which is dangerously rotting the flesh of my hands
Regards Stefan
-- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
On Mon, 12 Oct 2020 13:43:31 -0400 Karl <gmkarl@gmail.com> wrote:
Couldn't it be used for the mailing list, to verify that each person is saying what they intend?
you think the list administrator is tampering with the messages? That would be pointless and easily detected. Signing messanges buys you nothing. ON THE OTHER HAND, if you sign your messages you're providing 'crytographic evidence' for govcorp to further attack you.
Man, providing reasons for govcorp to attack me is my job. You sound like you're the man in the middle, punk! On 10/12/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Mon, 12 Oct 2020 13:43:31 -0400 Karl <gmkarl@gmail.com> wrote:
Couldn't it be used for the mailing list, to verify that each person is saying what they intend?
you think the list administrator is tampering with the messages? That would be pointless and easily detected. Signing messanges buys you nothing.
ON THE OTHER HAND, if you sign your messages you're providing 'crytographic evidence' for govcorp to further attack you.
Hey punk, On 10/12/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Mon, 12 Oct 2020 13:43:31 -0400 Karl <gmkarl@gmail.com> wrote:
Couldn't it be used for the mailing list, to verify that each person is saying what they intend?
you think the list administrator is tampering with the messages? That would be pointless and easily detected. Signing messanges buys you nothing.
ON THE OTHER HAND, if you sign your messages you're providing 'crytographic evidence' for govcorp to further attack you.
It sounds like you felt irritated when I mentioned verifying integrity of messages. What's going on?
On Tue, 13 Oct 2020 13:46:04 -0400 Karl <gmkarl@gmail.com> wrote:
Hey punk,
On 10/12/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Mon, 12 Oct 2020 13:43:31 -0400 Karl <gmkarl@gmail.com> wrote:
Couldn't it be used for the mailing list, to verify that each person is saying what they intend?
you think the list administrator is tampering with the messages? That would be pointless and easily detected. Signing messanges buys you nothing.
ON THE OTHER HAND, if you sign your messages you're providing 'crytographic evidence' for govcorp to further attack you.
It sounds like you felt irritated when I mentioned verifying integrity of messages. What's going on?
I explained why it's a bad idea above. Read what I wrote. If you want to sign your stupid messages, sign them and leave the rest of people and the list list alone.
Okay, I'll read it more. It sounds like you're imagining me suspecting the list administrator of harming the list, and feel disgusted by that idea. (I wouldn't suspect them of this.) It sounds like you then tell me that signing messages is futile and pointless. (I'm not sure why.) It seems you're noting there being public cryptographic proof that I would have sent signed messages, and harm befalling me because of this. (I have that harm already, and one can always make a new private key for a new identity.) But I wasn't asking why you think it's a bad idea. I was asking what you're frustrated about. On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Tue, 13 Oct 2020 13:46:04 -0400 Karl <gmkarl@gmail.com> wrote:
Hey punk,
On 10/12/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Mon, 12 Oct 2020 13:43:31 -0400 Karl <gmkarl@gmail.com> wrote:
Couldn't it be used for the mailing list, to verify that each person is saying what they intend?
you think the list administrator is tampering with the messages? That would be pointless and easily detected. Signing messanges buys you nothing.
ON THE OTHER HAND, if you sign your messages you're providing 'crytographic evidence' for govcorp to further attack you.
It sounds like you felt irritated when I mentioned verifying integrity of messages. What's going on?
I explained why it's a bad idea above. Read what I wrote. If you want to sign your stupid messages, sign them and leave the rest of people and the list list alone.
On Tue, 13 Oct 2020 14:53:26 -0400 Karl <gmkarl@gmail.com> wrote:
Okay, I'll read it more.
It sounds like you're imagining me suspecting the list administrator of harming the list, and feel disgusted by that idea.
I'm saying that nobody is going to bother altering the messages that are posted to the list. And if somebody does, so what. Actually it would be entertaining if sombebody did and we got to see how the 'intelligence services' operate. So maybe all the fascist crap that jim bell posts doesn't come from jim bell. Except, the stuff posted by 'jim bell' is exactly the sort of stuff I'd come to expect from the guy who thinks that murder is the 'libertarian' way to deal with theft.
(I wouldn't suspect them of this.) It sounds like you then tell me that signing messages is futile and pointless. (I'm not sure why.)
it's pointless for the resaons above.
It seems you're noting there being public cryptographic proof that I would have sent signed messages, and harm befalling me because of this. (I have that harm already, and one can always make a new private key for a new identity.)
so signing makes you less 'anonymous'. You're already using a joomail address anyway.
But I wasn't asking why you think it's a bad idea. I was asking what you're frustrated about.
I'm frustrated because a bad idea is being promoted...Not sure what else is needed? But again, if you want to sign your own messages, do so.
On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Tue, 13 Oct 2020 13:46:04 -0400 Karl <gmkarl@gmail.com> wrote:
Hey punk,
On 10/12/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Mon, 12 Oct 2020 13:43:31 -0400 Karl <gmkarl@gmail.com> wrote:
Couldn't it be used for the mailing list, to verify that each person is saying what they intend?
you think the list administrator is tampering with the messages? That would be pointless and easily detected. Signing messanges buys you nothing.
ON THE OTHER HAND, if you sign your messages you're providing 'crytographic evidence' for govcorp to further attack you.
It sounds like you felt irritated when I mentioned verifying integrity of messages. What's going on?
I explained why it's a bad idea above. Read what I wrote. If you want to sign your stupid messages, sign them and leave the rest of people and the list list alone.
On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Tue, 13 Oct 2020 14:53:26 -0400 Karl <gmkarl@gmail.com> wrote:
Okay, I'll read it more.
It sounds like you're imagining me suspecting the list administrator of harming the list, and feel disgusted by that idea.
I'm saying that nobody is going to bother altering the messages that are posted to the list. And if somebody does, so what. Actually it would be entertaining if sombebody did and we got to see how the 'intelligence services' operate.
Saaaay I were one of those cool government agent types who gets all the movies made about them and maybe always worries they would not only lose their work but possibly be murdered (have not been in a crowd where that happens myself) if they revealed who they are. Say I were working for a government and designed a really cool system that lets you automatically alter the words people send over the internet, so that things that were dangerous to the government no longer had that effect. Maybe some stuff comes out weird on the other side, but what's important of course is that there is no longer unrest because nobody even ever receives the word banana (altered from banana so that you can receive this message). Omigod my boss would love me! What do you think of this idea?
So maybe all the fascist crap that jim bell posts doesn't come from jim bell. Except, the stuff posted by 'jim bell' is exactly the sort of stuff I'd come to expect from the guy who thinks that murder is the 'libertarian' way to deal with theft.
You don't know unless you use signatures! Don't get scared, most people are kind and trusting. However, here is a random tutorial on altering the messages of other people: https://linuxhint.com/mimt_attacks_linux/
(I wouldn't suspect them of this.) It sounds like you then tell me that signing messages is futile and pointless. (I'm not sure why.)
it's pointless for the resaons above.
It seems you're noting there being public cryptographic proof that I would have sent signed messages, and harm befalling me because of this. (I have that harm already, and one can always make a new private key for a new identity.)
so signing makes you less 'anonymous'. You're already using a joomail address anyway.
But I wasn't asking why you think it's a bad idea. I was asking what you're frustrated about.
I'm frustrated because a bad idea is being promoted...Not sure what else is needed? But again, if you want to sign your own messages, do so.
Good advice, there. Really, though, I actually need help setting up message signing, and I'm not sure where to go. So, my plan is to figure it out and share it. I already have my raspberry pi!
On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Tue, 13 Oct 2020 13:46:04 -0400 Karl <gmkarl@gmail.com> wrote:
Hey punk,
On 10/12/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Mon, 12 Oct 2020 13:43:31 -0400 Karl <gmkarl@gmail.com> wrote:
Couldn't it be used for the mailing list, to verify that each person is saying what they intend?
you think the list administrator is tampering with the messages? That would be pointless and easily detected. Signing messanges buys you nothing.
ON THE OTHER HAND, if you sign your messages you're providing 'crytographic evidence' for govcorp to further attack you.
It sounds like you felt irritated when I mentioned verifying integrity of messages. What's going on?
I explained why it's a bad idea above. Read what I wrote. If you want to sign your stupid messages, sign them and leave the rest of people and the list list alone.
participants (3)
-
Karl -
Punk-BatSoup-Stasi 2.0 -
Stefan Claas